Package org.apache.juneau.rest.guard

Class RestGuard

java.lang.Object

org.apache.juneau.rest.guard.RestGuard

Direct Known Subclasses:

AdminGuard, RoleBasedRestGuard

public abstract class RestGuard
extends Object

REST method guard.

Description

Implements a guard mechanism for REST method calls that allows requests to be rejected before invocation of the REST method. For example, guards can be used to ensure that only administrators can call certain methods.

Guards are applied to REST methods declaratively through the @Rest(guards) or @RestOp(guards) annotations.

If multiple guards are specified, ALL guards must pass in order for the request to proceed.

How to implement

Typically, guards will be used for permissions checking on the user making the request, but it can also be used for other purposes like pre-call validation of a request.

Implementers should simply throw a BasicHttpException from the guard(RestRequest, RestResponse) method to abort processing on the current request.

Guards must implement a no-args constructor.

Example usage:

public MyResource extends BasicRestServlet { // Delete method with guard that only allows Billy to call it. @RestDelete(guards=BillyGuard.class) public doDelete(RestRequest req, RestResponse res) throws Exception {...} }

Example implementation:

// Define a guard that only lets Billy make a request public BillyGuard extends RestGuard { @Override public boolean isRequestAllowed(RestRequest req) { return req.getUserPrincipal().getName().contains("Billy"); } }

See Also:

• Guards

Constructor Summary

Constructors

Constructor	Description
RestGuard()

Method Summary

Modifier and Type	Method	Description
boolean	guard(RestRequest req, RestResponse res)	Checks the current HTTP request and throws a BasicHttpException if the guard does not permit the request.
abstract boolean	isRequestAllowed(RestRequest req)	Returns true if the specified request can pass through this guard.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

RestGuard

public RestGuard()

Method Details

guard

public boolean guard(RestRequest req,
 RestResponse res)
              throws BasicHttpException

Checks the current HTTP request and throws a BasicHttpException if the guard does not permit the request.

By default, throws an SC_FORBIDDEN exception if isRequestAllowed(RestRequest) returns false.

Subclasses are free to override this method to tailor the behavior of how to handle unauthorized requests.

Parameters:

req - The servlet request.

res - The servlet response.

Returns:

true if request can proceed. Specify false if you're doing something like a redirection to a login page.

Throws:

BasicHttpException - Thrown to abort processing on current request.

isRequestAllowed

public abstract boolean isRequestAllowed(RestRequest req)

Returns true if the specified request can pass through this guard.

Parameters:

req - The servlet request.

Returns:

true if the specified request can pass through this guard.